So Electron improved their security features with the recent version 5, but by doing this broke tons of applications because they either need user namespaces or an SUID executable (to launch properly isolated subprocesses).

#Signal Desktop noticed this problem as well and "fixed" it in the worst way possible:

@sheogorath I assume the simple explanation isn’t really appropriate in this case as Signal is not letting you navigate outside of its own services. Like how would one take advantage of this insecurity?

@liaizon Actually it is. The idea is that by sandboxing you strip away unneeded permissions and capabilities from processes like the rendering process, so they can't attack your system and (for example) execute code.

And there is actually a ton of 3rd-party content that runs in Signal, like videos that someone sends to you.

And remember the recent flaw in the VLC dependency that caused CVE-2019-5439? There is no guarantee that similar flaws don't reside in Chromium and therefore in Signal Desktop.

@sheogorath thanks for the explanation! So the sandboxing is not just about per-process/tab capabilities but capabilities in general for all of the different actions Signal may support. Seems like Signal being built on Electron might be the biggest vulnerability!

@liaizon Yes, Chromium spreads out different tasks to different processes which then get only the right amount of capabilities to "get the job done". You can check that in your process manager (on Linux you can open a shell and run `ps aux | grep signal`) to see this in action.

When it comes to Electron, well, not per se. Electron has the potential to be a big security problem, but a badly written custom client could be even worse.
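A shell check, added here and not taken from the thread or from Signal, that does what the `ps aux | grep signal` tip above suggests in a repeatable way: it counts Chromium's per-task helper processes in a listing, flags whether the app runs with Chromium's `--no-sandbox` switch (a real flag that the thread does not name), and tests the two prerequisites the first post mentions, unprivileged user namespaces and a root-owned SUID helper. The process listing is constructed sample text, the sysctl path is the Debian/Ubuntu one, and the helper path is a placeholder.

```shell
#!/bin/sh
# Added example, not Signal's or Electron's own code.

# Constructed sample of `ps aux | grep signal` output (assumed layout, not real).
SAMPLE_PS='user  1234  0.1  1.0 /opt/app/signal-desktop
user  1240  0.0  0.3 /opt/app/signal-desktop --type=zygote --no-sandbox
user  1251  0.5  2.0 /opt/app/signal-desktop --type=renderer --no-sandbox
user  1260  0.2  0.8 /opt/app/signal-desktop --type=gpu-process --no-sandbox'

# Print how many processes of a given Chromium --type appear in the listing on stdin.
count_type() {
    grep -cE -- "--type=$1( |$)" || true
}

# Succeed if any process in the listing on stdin has the sandbox switched off.
sandbox_disabled() {
    grep -q -- '--no-sandbox'
}

# Print enabled/disabled/unknown for unprivileged user namespaces, reading the
# sysctl file given as $1 (defaults to the Debian/Ubuntu knob; absent elsewhere).
userns_status() {
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    [ -r "$f" ] || { echo unknown; return; }
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print ok/not-suid/missing for the SUID sandbox helper at $1: to be usable it
# must exist, be owned by root and carry the setuid bit.
suid_helper_status() {
    f="$1"
    [ -e "$f" ] || { echo missing; return; }
    if [ -n "$(find "$f" -prune -user root -perm -4000 -print 2>/dev/null)" ]; then
        echo ok
    else
        echo not-suid
    fi
}

# Summarise a listing: helper processes present, and whether the sandbox is off.
audit_listing() {
    echo "renderers: $(printf '%s\n' "$1" | count_type renderer)"
    echo "gpu processes: $(printf '%s\n' "$1" | count_type gpu-process)"
    echo "user namespaces: $(userns_status)"
    echo "suid helper: $(suid_helper_status /PLACEHOLDER/path/to/chrome-sandbox)"
    if printf '%s\n' "$1" | sandbox_disabled; then
        echo "WARNING: --no-sandbox present, renderer runs with full user privileges"
    fi
}

audit_listing "$SAMPLE_PS"
```

On a real system, replace the sample with `ps aux | grep signal` output and the placeholder with the app's actual chrome-sandbox path; a renderer without a sandbox is the condition the thread is warning about.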